Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

225091 matches found

UbuntuCve
UbuntuCveadded 2026/05/25 8:16 p.m.14 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6
OSV
OSVadded 2026/05/25 8:16 p.m.5 views

UBUNTU-CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References7
Vulnrichment
Vulnrichmentadded 2026/05/25 7:26 p.m.7 views

CVE-2026-24546 WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ruben Garcia GamiPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GamiPress: from n/a through 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/05/25 7:24 p.m.9 views

WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by bosz in WordPress Plugin GamiPress versions = 7.6.3...

5.3CVSS5.8AI score0.00295EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/05/25 7:18 p.m.7 views

WordPress WPCS plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin WPCS versions = 1.3.1...

7.1CVSS5.8AI score0.0018EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/25 7:6 p.m.11 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/05/25 7:6 p.m.12 views

EUVD-2026-31719

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/25 7:6 p.m.7 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/25 7:6 p.m.25 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS0.00764EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2026/05/25 7:6 p.m.9 views

CVE-2026-48842

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuserquery plugin via a pregreplace backslash escape bypass...

8.1CVSS5.8AI score0.00764EPSS
Exploits0
CVE
CVEadded 2026/05/25 7:6 p.m.194 views

CVE-2026-48842

The CVE affects Roundcube Webmail 1.6.x ≤1.6.15 and 1.7.x ≤1.7.0, via the virtuser_query plugin, where a pre-authentication SQL injection is triggered by a backslash-escaped preg_replace() bypass. Root cause: input crafted to bypass escapes leads to SQL injection before authentication. Impact is ...

8.1CVSS5.8AI score0.00764EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/25 6:11 p.m.13 views

Malicious code in koishi-plugin-yuan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/25 6:11 p.m.8 views

MAL-2026-4596 Malicious code in koishi-plugin-yuan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...

5.8AI score
Exploits0References1
OSV
OSVadded 2026/05/25 6:2 p.m.10 views

USN-8304-1 vim vulnerabilities

Joshua Rogers discovered that Vim incorrectly handled certain URL schemes in the netrw plugin. An attacker could possibly use this issue to execute arbitrary commands. CVE-2026-42307 It was discovered that Vim incorrectly handled command-line completion for the :find command. An attacker could...

6.6CVSS6AI score0.00917EPSS
Exploits1References4
Ubuntu
Ubuntuadded 2026/05/25 6:2 p.m.14 views

USN-8304-1: Vim vulnerabilities

Joshua Rogers discovered that Vim incorrectly handled certain URL schemes in the netrw plugin. An attacker could possibly use this issue to execute arbitrary commands. CVE-2026-42307 It was discovered that Vim incorrectly handled command-line completion for the :find command. An attacker could...

6.6CVSS6AI score0.00917EPSS
Exploits1
NVD
NVDadded 2026/05/25 3:16 p.m.12 views

CVE-2018-25371

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS0.00348EPSS
Exploits0References4
OSV
OSVadded 2026/05/25 2:46 p.m.7 views

BIT-DISCOURSE-2026-34154 Discourse has a subscription access bypass in its discourse-subscriptions plugin

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in versions 2026.1....

5.3CVSS5.7AI score0.00214EPSS
Exploits0References2
CVE
CVEadded 2026/05/25 2:15 p.m.21 views

CVE-2018-25371

The CVE-2018-25371 entry concerns mooSocial Store Plugin 2.6 with a blind SQL injection in the product parameter of the URL rewrite functionality. The vulnerability allows unauthenticated attackers to manipulate queries, enabling boolean-based blind, time-based blind, or stacked query techniques ...

8.8CVSS5.9AI score0.00348EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/25 2:15 p.m.26 views

CVE-2018-25371 mooSocial Store Plugin 2.6 SQL Injection via product parameter

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS0.00348EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:15 p.m.10 views

CVE-2018-25371

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

8.8CVSS5.9AI score0.00348EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder